SHA256: af9e79ac9326c2589d1d2e8a9c19d2079c4a21bd19e05f11c532cdd46e82e114
File name: .
Detection ratio: 49 / 70
Analysis date: 2019-02-12 18:02:16 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Ad-Aware Gen:Variant.Zusy.287583 20190212
ALYac Gen:Variant.Zusy.287583 20190212
Antiy-AVL Trojan[Dropper]/Win32.Agent.bjrkpr 20190212
Arcabit Trojan.Zusy.D4635F 20190212
Avast Win32:Malware-gen 20190212
AVG Win32:Malware-gen 20190212
Avira (no cloud) TR/Downloader.Gen 20190212
Baidu Win32.Trojan.Shyape.a 20190202
BitDefender Gen:Variant.Zusy.287583 20190212
CAT-QuickHeal Trojan.Zenshirsh.SL7 20190212
ClamAV Win.Malware.Scar-6745903-0 20190212
CMC Trojan.Win32.Scar!O 20190212
Comodo TrojWare.Win32.Shyape.G@590p1r 20190212
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20181023
Cybereason malicious.d6f2d8 20190109
Cylance Unsafe 20190212
DrWeb Trojan.DownLoad3.22515 20190212
eGambit RAT.Sakula 20190212
Emsisoft Gen:Variant.Zusy.287583 (B) 20190212
Endgame malicious (moderate confidence) 20181108
ESET-NOD32 a variant of Win32/Shyape.G 20190212
F-Secure Trojan.TR/Downloader.Gen 20190212
Fortinet W32/Shyape.G!tr 20190212
GData Win32.Trojan.Sakurel.B 20190212
Ikarus Trojan.Win32.Scar 20190212
Sophos ML heuristic 20181128
Jiangmin Trojan/Scar.bayz 20190212
K7AntiVirus Trojan ( 0043a4491 ) 20190212
K7GW Trojan ( 0043a4491 ) 20190212
Kaspersky Trojan.Win32.Scar.ojsz 20190212
McAfee Trojan-FDXL!1E97EF734620 20190212
McAfee-GW-Edition BehavesLike.Win32.Trojan.qc 20190212
Microsoft Trojan:Win32/Sakurel.B!dha 20190212
eScan Gen:Variant.Zusy.287583 20190212
NANO-Antivirus Trojan.Win64.Agent.cysfdn 20190212
Panda Trj/Genetic.gen 20190212
Qihoo-360 HEUR/QVM11.1.2EF3.Malware.Gen 20190212
Rising Trojan.Shyape!1.A74F (TFE:dGZlOgUCyEDxRf94SQ) 20190212
SentinelOne (Static ML) static engine - malicious 20190203
Symantec Trojan!im 20190212
TheHacker Posible_Worm32 20190212
Trapmine suspicious.low.ml.score 20190123
TrendMicro BKDR_DIOFOPI.SM 20190212
TrendMicro-HouseCall BKDR_DIOFOPI.SM 20190212
VBA32 BScope.Trojan.Scar 20190212
ViRobot Trojan.Win32.Sakula.91136[UPX] 20190212
Yandex Trojan.Scar!5/nXrtpfF1U 20190212
ZoneAlarm by Check Point Trojan.Win32.Scar.ojsz 20190212
Zoner Trojan.Win32.32919 20190212
Acronis 20190208
AegisLab 20190212
AhnLab-V3 20190212
Alibaba 20180921
Avast-Mobile 20190212
Babable 20180918
Bkav 20190201
Cyren 20190212
F-Prot 20190212
Kingsoft 20190212
Malwarebytes 20190212
MAX 20190216
Palo Alto Networks (Known Signatures) 20190212
Sophos AV 20190212
SUPERAntiSpyware 20190206
Symantec Mobile Insight 20190207
TACHYON 20190212
Tencent 20190212
TotalDefense 20190212
Trustlook 20190212
Webroot 20190212
Zillya 20190211
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Packers identified
F-PROT UPX
PEiD UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-02-05 04:03:07
Entry Point 0x00021FC0
Number of sections 3
PE sections
Overlays
MD5 41f758cd7820826e5408014378a26f27
File type data
Offset 43520
Size 11264
Entropy 3.88
PE imports
VirtualProtect
LoadLibraryA
ExitProcess
GetProcAddress
Ord(680)
InternetOpenA
Number of PE resources by type
DAT 2
RT_MANIFEST 1
Number of PE resources by language
CHINESE SIMPLIFIED 2
ENGLISH US 1
PE resources
ExifTool file metadata
MIMEType application/octet-stream
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
TimeStamp 2013:02:05 05:03:07+01:00
FileType Win32 EXE
PEType PE32
CodeSize 45056
LinkerVersion 9.0
ImageFileCharacteristics No relocs, Executable, 32-bit
FileTypeExtension exe
InitializedDataSize 4096
SubsystemVersion 5.0
EntryPoint 0x21fc0
OSVersion 5.0
ImageVersion 0.0
UninitializedDataSize 94208

File identification
MD5 2891391d6f2d856c5d6ff932df5c3503
SHA1 23261643de5f852584e377c2185c155d7bdfa6e7
SHA256 af9e79ac9326c2589d1d2e8a9c19d2079c4a21bd19e05f11c532cdd46e82e114
ssdeep 768:VvQB/z0pqrLoyT8I+E1j+KPPIYu8T0aTsJK56VO8XM0Wns+b2znpNqPZaKFt9kSc:VODhc+yBJW0WTU5XM1nJqjp0DNDCkc

authentihash 7768f02d9f0acff5d573c9afe516b4719be7e356ed0267549695bf8362efd37b
imphash 4d12409423f75786a52033f8c6a5a133
File size 53.5 KB ( 54784 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable (generic) (52.9%)
Generic Win/DOS Executable (23.5%)
DOS Executable Generic (23.5%)
Tags peexe upx overlay

VirusTotal metadata
First submission 2019-02-12 18:02:16 UTC ( 2 months, 1 week ago )
Last submission 2019-02-12 18:02:16 UTC ( 2 months, 1 week ago )
File names .
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Shell commands
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
HTTP requests
DNS requests
TCP connections